GSLB with CSS behind a firewall

Unanswered Question
Mar 11th, 2007
User Badges:

Hi all

I have my CSS's located behind firewalls on a private subnet. The firewall is performing NAT for external translations to my VIPs. I am implementing GSLB for failover and want to know if it is possible to do this with this configuration or if I need to have the VIP's configured with public IP addresses. How will the CSS present the DNS responses if the CSS in behind a firewall?


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Gilles Dufour Mon, 03/12/2007 - 01:29
User Badges:
  • Cisco Employee,

your firewall must do dns fixup in order to translate the dns response.

The CSS will respond with the private address.

All Cisco firewalls come with the nat fixup function.



This Discussion